GDPR is bigger than Y2K

The 25th May is approaching! That’s the date the EU’s new legislation aimed at protecting the private data of all EU citizens using the internet comes into force.

“GDPR stands for General Data Protection Regulation. It is a legislation that aims to protect the privacy of all EU citizens. GDPR forces organisations to make major changes in the way they handle their customers’ personal data, affecting their business processes as well as software. It’s a whole system of principles, rights and obligations which you will need to be familiar with. GDPR will apply from 25 May 2018.” That’s a quote from an excellent article explaining the legislation, and the obligations of website administrators, in simple language. The actual legislation, in typical EU fashion, is lengthy. Here it is, for your edification. Pardon me if I don’t wait for you to catch up.

This comes after many breaches of people’s privacy, not so much hacking incidents, but more where data such as email addresses have been collected and sold or given to third parties to be used for such things as spam. The recent furore over Facebook and Cambridge Analytica, where Facebook sent users’ data on to another company without their knowledge, is a case in point. I’m sure all computer users would agree that collecting information about them and passing it on without prior consent is wrong. In very simple terms the GDPR requirements mean that if a person (eg me) uses a website, and that website collects any data about me, I need to be told what data, and why, and I have to consent.

Fine. But it turns out ‘very simple’ isn’t very simple.

The thing is, we willingly share information about ourselves if there’s something in it for us. Our phones tell us what the weather’s like where we are, or where to find a restaurant – if location tracking is on. Information such as your age and sex can be used to target advertising so you’re shown dating sites for the right age group. Amazon famously uses your (collected and stored) browsing and purchase history to suggest other items which might be of interest. But that’s on Amazon’s own website. If the company on-sold the data, it’s another story. Then there are online retail sites (including Amazon), which require names, phone numbers and physical addresses. And it could be argued that if you don’t realise Amazon and Facebook and Google and Microsoft are all collecting data about you, you’d better get out from under that rock.

Mind you, if I’m buying something like an ebook I resent having to provide a physical address. It’s not needed to carry out the transaction, and I’ve been known to walk away rather than divulge.

But that’s the obvious stuff. There are other items of data that are collected to make the wheels of the internet turn smoothly, or for quite innocuous, statistical reasons. Many sites collect data such as IP addresses for Google Analytics so the administrators can see which countries their visitors come from (it’s just a count – nothing more).

If I want to leave a comment on a website, then typically I’m asked for my email address and maybe my own website. That information is stored on the site’s server, and is visible to the administrators. If I elect to follow a site, my email address is collected. If I join a mailing list, ditto – and perhaps also my name. Etc.

The GDPR regulations state that visitors should opt in to collection of their data. They should be able to opt out at any time, and be able to delete any information that may have been collected at a given site.

It all sounds wonderful, doesn’t it?

And that brings me back to Y2K.

In the mid-1990’s the IT world had an ‘oh shit’ moment. Back when computers were first developed hardware was very, very expensive, so every effort was made to use the bare minimum of resources such as data storage. For that reason dates were stored as 6 digits – DDMMYY everywhere but the US, where it was MMDDYY. Then somebody realised that when we reached the year 2000, all our date maths would be out the window. Let’s say you started a 10-year loan on 1/5/95. It would be due to terminate on 30/4/05. But if you subtract 95 from 05, you don’t get 10. This meant retrofitting a gazillion systems using 6-digit dates to 8-digit dates (DDMMYYYY). It was huge. It required a multitude of analysts (to find where the dates were used) and programmers (to fix the code). But it was done. The century rolled over with barely a hiccup – but at a cost of billions of dollars. ($100 billion in the US alone)

But that Herculean effort pales into insignificance in comparison with GDPR.

These requirements don’t just affect websites in the EU, they affect all websites which could be used by EU citizens. That includes this site, gretavanderrol.com, my crummy little website where I list my books and prattle on about my last holiday (and a few rants). Please do not imagine for a moment that compliance is easy. WordPress, the software upon which my site is based, is a huge enterprise. Half the world’s websites (especially the small ones) are hosted by WordPress. At some stage the company will catch up with some of the requirements, and include them in its basic framework, but not before 25 May 2018, when the law becomes enforceable. Added to that, there are literally thousands of WordPress plugins, (apps if you will) specially written to fit into the WordPress framework. Some of them use cookies, or collect information about visitors, and if I use the plugins, I’m responsible.

Even for a simple little site like mine I’m expected to list any cookies that the software might place on a visitor’s machine. Here’s what WordPress says about cookies for people leaving a comment [1].

“When visitors comment on your blog, they get cookies stored on their computer. This is purely a convenience, so that the visitor won’t need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters:

  • comment_author_{HASH}
  • comment_author_email_{HASH}
  • comment_author_url_{HASH}

The commenter cookies are set to expire a little under one year from the time they’re set.”

I have to make sure you can see a list of every cookie my site stores and what it’s for. You have to give consent before you can comment on my blog, and you must be able to remove your consent, and delete any information I might have stored about you, which means deleting your comments, and also deleting any record of your visit, such as your IP address.

Needless to say, enterprising software developers are writing plugins to help website owners cope with the requirements – some are free, some are not. I tried one plugin which checked for use of cookies. It was free for a site with less than 100 pages. I don’t have a lot of pages – but I use the site for my blog, and every post was counted as a page. That put me into premium class, and would have cost me $10 per month, which is frankly more than I pay for hosting the site. One plugin required me to make a change to the header in the HTML. I assure you most site owners wouldn’t know what that meant, let alone how to do it. And all the way through, there are disclaimers that this plugin will not make your site compliant. Perhaps you should talk to a lawyer, and hire a developer.

And if you opt to ignore the legislation? The penalties are (to say the least) substantial. Here’s a quote from GDPR Associates. “There will be two levels of fines based on the GDPR. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher.”

I’m glad I never bothered with a mailing list. Anyone with a mailing list must go back to all subscribers and have them either subscribe again, or be assumed to have unsubscribed.

A ‘contact me’ form must explain what you’ll be doing with the contactee’s email address. I’ve deleted my ‘contact me’ page. But I have copied a boiler-plate privacy policy. I cannot imagine how the EU thinks it’s going to police this policy, especially on non-EU websites like mine. But I do get visitors residing in the EU, and I suppose all it needs is for one person to register a complaint. Me, I’m collecting up my toys and retreating to the comfort of WordPress.com. Not only is it cheaper, it relieves me of some of the responsibility of complying.

The thing is, while I can see why it’s being done, I don’t think much thought has been given to the ramifications. It’s like a fishing boat trawling for sharks. Trouble is, it swallows up everything – dolphins, turtles, tuna, mackerel, whiting, sardines, clown fish – the lot. Guess which species I am?

The trials of technology

It has been an interesting week as far as household goods go. We prefer to cook with gas, on account of it being easier to control than electricity. These days we have to contend with idiot regulations that stipulate one cannot own a cooker with gas burners, grill, and oven. One must choose either a gas grill OR a gas oven to go with a gas cook top. So we elected to have a gas oven.

We don’t have household gas mains in our part of town, so we use bottled gas. And it appears some bottled gas is not as equal as other bottled gas. Before Christmas, being in somewhat of a hurry, and having 5 9kg bottles to refill, we bought ‘swap and go’ gas instead of waiting an hour or more to get them refilled. For those who don’t know, swap and go allows you to swap your empty gas bottle for a filled one for just the price of the gas. It’s also a good way of getting rid of your “soon to be” ten year old bottles that then need re-certifying.

When the oven started to play up, we called the gas fitters. We were informed that swap and go gas is not of the highest quality – although it’s fine for barbecues. Apparently our law makers, (yet to find out if it was State or Federal, suspect Federal), a few years ago passed a law that stated that bottled gas only needed to contain 51% gas or phrased another way, must contain at least 51% gas. We don’t know what the other (possibly) 49% is made up of but oil of some description is certainly part of it. Anyway the gas fitter explained that this “other” component of the gas cylinder’s content, (let’s call it gunk) will clog up your regulator and in particular the jets in the oven which although still working will reduce the pressure and result in less heat.

There you go. Lesson learnt, but only after the lasagne came out of the oven at the same temperature it went in. Thank goodness we have an outside oven/bbq. Needless to say, a late dinner ensued.

So we resurrected an idea we’d had for a time. Why not try an air fryer? We did some homework and decided upon a not very expensive model with good reviews. You know the old saying, you get what you pay for? It’s not always true – you can often get a better deal by shopping around – but there are times when, yeah, it might have been wiser to shell out a little more. Anyway there were a heap of these things, all the same model, with prices from $110 to $299, so we took the $110 one and paid for delivery. Many others offer “free shipping”.

It wasn’t so much the unit’s performance. When it comes down to it, they all do the same thing – super heat air and circulate it quickly around the food to cook it with a minimum of oils or fats. But there are differences in the design of the oven. The one we bought looks a bit like a UFO, with a stainless steel removable tub. It said it came ‘with accessories’ but didn’t nominate which ones, so we ended up with less ‘accessories’ than the slightly more expensive units, some of which also had a non-stick tub. The one we bought was the same as the unit in this link – but we didn’t get the four items on the left (oil spray bottle, two flat plates, and the sort-of rotisserie thingy).

Hey ho. I had decided that we would try cooking a chook using a rotisserie provided with the oven. The (very meagre) instructions said that a whole chicken (and chopped roast potatoes, pumpkin, and carrot) would take 15 minutes at 250 degrees. After working out how to turn the bloody thing on (not explained in the Chinese Engrish) we gave it a whirl. Pun intended. We didn’t think the chicken would be cooked in 15 minutes and we weren’t disappointed. Apart from that, the prongs to keep the chicken on the rotisserie were a bit dinky. The chook slid down the pole to one end of the device and stopped turning – fortunately the cycle finished before we ended up with burnt on one side. The vegies weren’t cooked, either. We took the chook off the rotisserie and placed it in the tub with the veg and gave it another 20 at 220. Then we turned the chook over and gave it a final 15. By this time the green veg (on the stove top inside) was over cooked. But the chicken was lovely and moist.

Even after all that time the chicken could have used a little more cooking – it was still a bit pink at the joints. But that’s trial and error, isn’t it? And the oven was very easy to clean.

Apart from that, I have been watching the train-wreck that is America with growing trepidation. And I know it’s not just me. The highly respected New Yorker has an extinguished flame of liberty on its cover and Der Spiegel caused uproar with that highly evocative cover of somebody vaguely resembling Trump holding up the cut-off head of Liberty. There has been a rash of videos from many European countries urging Mister Trump to – sure, have America first – but what about us for second? I’m proud to say the Dutch started it. Many countries have joined in, but I think the best is Germany’s entry. (You’ll find the others listed on the Youtube page.) I don’t recall ever seeing a country’s leader lampooned quite so severely in his own country, and outside.

Meanwhile in Washington Trump has surrounded himself with a cabal of billionaires who know bugger all about the portfolios they have been given. The legislature’s descent into right wing Christian fundamentalist ideology is breathtaking.

On the other side of the world in Moscow several people who were suspected of being complicit in the West finding out about Russian hacking in the US election, have allegedly ‘disappeared’, and it seems one of Putin’s rivals has succumbed to mysterious poisoning. What’s the bet Putin will take over Eastern Ukraine any minute now?

And on that happy note, a few photos that have been artified by Photoshop.

Ancient hills in the Pilbara. Photo taken from the car (so a bit blurry and not great) but rendered acceptable by a PS filter. Paint daub.

Changing of the guard at Windsor Castle. This one was filtered as a poster, accentuating all those lines.

Autumn on the Rhine. I evened out the light in the water bottom left, and took out the power lines. The paint daub filter really brought out the Autumn colours.

Geikie gorge. This was a good photo – but the dry brush effect is rather nice.